source-git / ansible-freeipa

Clone
Source Code
GIT

Blame README-sudocmdgroup.md

c8 c8s master
  1.   d886cd8282716b4b21e40f06f5a5d492345979a0
  2.   README-sudocmdgroup.md
Blob History Raw
Packit 8cb997 
Sudocmdgroup module
Packit 8cb997 
===================
Packit 8cb997
Packit 8cb997 
Description
Packit 8cb997 
-----------
Packit 8cb997
Packit 8cb997 
The sudocmdgroup module allows to ensure presence and absence of sudocmdgroups and members of sudocmdgroups.
Packit 8cb997
Packit 8cb997 
The sudocmdgroup module is as compatible as possible to the Ansible upstream `ipa_sudocmdgroup` module, but additionally offers to make sure that sudocmds are present or absent in a sudocmdgroup.
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Features
Packit 8cb997 
--------
Packit 8cb997 
* Sudocmdgroup management
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Supported FreeIPA Versions
Packit 8cb997 
--------------------------
Packit 8cb997
Packit 8cb997 
FreeIPA versions 4.4.0 and up are supported by the ipasudocmdgroup module.
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Requirements
Packit 8cb997 
------------
Packit 8cb997
Packit 8cb997 
**Controller**
Packit 8cb997 
* Ansible version: 2.8+
Packit 8cb997
Packit 8cb997 
**Node**
Packit 8cb997 
* Supported FreeIPA version (see above)
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Usage
Packit 8cb997 
=====
Packit 8cb997
Packit 8cb997 
Example inventory file
Packit 8cb997
Packit 8cb997 
```ini
Packit 8cb997 
[ipaserver]
Packit 8cb997 
ipaserver.test.local
Packit 8cb997 
```
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Example playbook to make sure sudocmdgroup is present:
Packit 8cb997
Packit 8cb997 
```yaml
Packit 8cb997 
---
Packit 8cb997 
- name: Playbook to handle sudocmdgroups
Packit 8cb997 
  hosts: ipaserver
Packit 8cb997 
  become: true
Packit 8cb997
Packit 8cb997 
  tasks:
Packit 8cb997 
  # Ensure sudocmdgroup is present
Packit 8cb997 
  - ipasudocmdgroup:
Packit 8cb997 
      ipaadmin_password: MyPassword123
Packit 8cb997 
      name: group01
Packit 8cb997 
      description: Group of important commands
Packit 8cb997 
```
Packit 8cb997
Packit 8cb997 
Example playbook to make sure that a sudo command and sudocmdgroups are present in existing sudocmdgroup:
Packit 8cb997
Packit 8cb997 
```yaml
Packit 8cb997 
---
Packit 8cb997 
- name: Playbook to handle sudocmdgroups
Packit 8cb997 
  hosts: ipaserver
Packit 8cb997 
  become: true
Packit 8cb997
Packit 8cb997 
  tasks:
Packit 8cb997 
  # Ensure sudo commands are present in existing sudocmdgroup
Packit 8cb997 
  - ipasudocmdgroup:
Packit 8cb997 
      ipaadmin_password: MyPassword123
Packit 8cb997 
      name: group01
Packit 8cb997 
      sudocmd:
Packit 8cb997 
      - /usr/bin/su
Packit 8cb997 
      - /usr/bin/less
Packit 8cb997 
      action: member
Packit 8cb997 
```
Packit 8cb997 
`action` controls if the sudocmdgroup or member will be handled. To add or remove members, set `action` to `member`.
Packit 8cb997
Packit 8cb997 
Example playbook to make sure that a sudo command and sudocmdgroups are absent in sudocmdgroup:
Packit 8cb997
Packit 8cb997 
```yaml
Packit 8cb997 
---
Packit 8cb997 
- name: Playbook to handle sudocmdgroups
Packit 8cb997 
  hosts: ipaserver
Packit 8cb997 
  become: true
Packit 8cb997
Packit 8cb997 
  tasks:
Packit 8cb997 
  # Ensure sudocmds are absent in existing sudocmdgroup
Packit 8cb997 
  - ipasudocmdgroup:
Packit 8cb997 
      ipaadmin_password: MyPassword123
Packit 8cb997 
      name: group01
Packit 8cb997 
      sudocmd:
Packit 8cb997 
      - /usr/bin/su
Packit 8cb997 
      - /usr/bin/less
Packit 8cb997 
      action: member
Packit 8cb997 
      state: absent
Packit 8cb997 
```
Packit 8cb997
Packit 8cb997 
Example playbook to make sure sudocmdgroup is absent:
Packit 8cb997
Packit 8cb997 
```yaml
Packit 8cb997 
---
Packit 8cb997 
- name: Playbook to handle sudocmdgroups
Packit 8cb997 
  hosts: ipaserver
Packit 8cb997 
  become: true
Packit 8cb997
Packit 8cb997 
  tasks:
Packit 8cb997 
  # Ensure sudocmdgroup is absent
Packit 8cb997 
  - ipasudocmdgroup:
Packit 8cb997 
      ipaadmin_password: MyPassword123
Packit 8cb997 
      name: group01
Packit 8cb997 
      state: absent
Packit 8cb997 
```
Packit 8cb997
Packit 8cb997 
Variables
Packit 8cb997 
=========
Packit 8cb997
Packit 8cb997 
ipasudocmdgroup
Packit 8cb997 
-------
Packit 8cb997
Packit 8cb997 
Variable | Description | Required
Packit 8cb997 
-------- | ----------- | --------
Packit 8cb997 
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
Packit 8cb997 
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
Packit 8cb997 
`name` \| `cn` | The list of sudocmdgroup name strings. | no
Packit 8cb997 
`description` | The sudocmdgroup description string. | no
Packit 8cb997 
`nomembers` | Suppress processing of membership attributes. (bool) | no
Packit 8cb997 
`sudocmd` | List of sudocmdgroup name strings assigned to this sudocmdgroup. | no
Packit 8cb997 
`action` | Work on sudocmdgroup or member level. It can be on of `member` or `sudocmdgroup` and defaults to `sudocmdgroup`. | no
Packit 8cb997 
`state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | no
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Authors
Packit 8cb997 
=======
Packit 8cb997
Packit 8cb997 
Rafael Guterres Jeffman

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation